OpenCVE

HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hcltech	Hcl Compass

Configuration 1 [-]

OR	cpe:2.3:a:hcltech:hcl_compass::::::::
	cpe:2.3:a:hcltech:hcl_compass::::::::

No data.

References

Link	Providers
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581

History

No history.

MITRE

Status: PUBLISHED

Assigner: HCL

Published: 2023-03-27T22:22:29.522Z

Updated: 2024-08-03T13:10:40.873Z

Reserved: 2022-10-06T16:01:51.741Z

Link: CVE-2022-42447

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-02T21:15:08.120

Modified: 2024-11-21T07:24:59.133

Link: CVE-2022-42447

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-42447", "assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "state": "PUBLISHED", "assignerShortName": "HCL", "dateReserved": "2022-10-06T16:01:51.741Z", "datePublished": "2023-03-27T22:22:29.522Z", "dateUpdated": "2024-08-03T13:10:40.873Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HCL Compass2.0 ", "vendor": "HCL Software", "versions": [{"status": "affected", "version": "2.0, 2.1, 2.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.</span><br>"}], "value": "HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc", "shortName": "HCL", "dateUpdated": "2023-04-02T18:48:52.109850Z"}, "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581"}], "source": {"discovery": "UNKNOWN"}, "title": "Cross-origin resource sharing vulnerability affects HCL Compass", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:10:40.873Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*", "matchCriteriaId": "165427EA-5DFF-4A41-B983-4729032F0B61", "versionEndIncluding": "2.0.3", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2C16E26-DE46-43D3-860B-D352FEBC0715", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.\n"}], "id": "CVE-2022-42447", "lastModified": "2024-11-21T07:24:59.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "psirt@hcl.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-02T21:15:08.120", "references": [{"source": "psirt@hcl.com", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103581"}], "sourceIdentifier": "psirt@hcl.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}